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1.What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.) 
A. centralized control and data plane 

B. distributed authentication policies 

C. management of SLA 

D. infrastructure as a service 

E. centralized raid storage of data 

Answer: C D 


2.An engineer is troubleshooting a certificate issue on vEdge. 
Which command is used to verify the validity of the certificates? 
A. show control local-properties 

B. show control summary 

C. show certificate installed 

D. show certificate status 

Answer: A 

Explanation: 

Reference: 
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/operational-cmd.html#wp 
2835720000 


3.What is a benefit of the application-aware firewall? 

A. It blocks traffic by MAC address 

B. It blocks traffic by MTU of the packet. 

C. It blocks traffic by application. 

D. It blocks encrypted traffic 

Answer: C 

Explanation: 

Reference: 
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16-9/sec-data-zbf-xe-16 
-9-book/sec-data-zbf-xe-16-9-book_chapter_0100100.html 


4.When VPNs are grouped to create destination zone in Zone-Based Firewall, how many zones can a 
single VPN be part of? 

A. two 

B. four 

C. one 

D. three 

Answer: C 

Explanation: 

Reference: 
https://sdwandocs.cisco.com/Product_Documentation/Software_Features/Release_18.4/Security/Enterpr 
ise_Firewall_with_Application_Awareness 


5.Which attributes are configured to uniquely Identify and represent a TLOC route? 
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A. system IP address, link color, and encapsulation 

B. firewall, IPS, and application optimization 

C. site ID, tag, and VPN 

D. origin, originator, and preference 

Answer: A 

Explanation: 
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Design-20180CT.pdf 


6.Which device information is requited on PNP/ZTP to support the zero-touch onboarding process? 

A. serial and chassis numbers 

B. interface IP address 

C. public DNS entry 

D. system IP address 

Answer: A 

Explanation: 
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deplo 
y-guide-2020jan.pdf 


7.Which configuration step is taken on vManage after WAN Edge list is uploaded? 

A. Send the list to controllers 

B. Enable the ZTP process 

C. Verify the device certificate 

D. Set the device as valid 

Answer: D 

Explanation: 
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-wan-edge-onboarding-deploy 
-guide-2020nov.pdf 


device state must be moved from staging to valid. In vManage under Configuration > 
an o Controllers. 


8.When software is upgraded on a vManage NMS, which two image-adding options store images in a 
local vManage software repository? (Choose two.) 

A. To be downloaded over a SMTP connection 

B. To be downloaded over a SNMP connection 

C. To be downloaded over an out-of-band connection 

D. To be downloaded over a control plane connection 

E. To be downloaded over an ICMP connection 

Answer: CD 

Explanation: 

Reference: 
https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.2/Maintenance/Softw 
are_Repository 


9.Which policy configures an application-aware routing policy under Configuration > Policies? 
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A. Localized policy 

B. Centralized policy 

C. Data policy 

D. Control policy 

Answer: B 

Explanation: 

Reference: 
https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-4.pdf#page=451 


10.What is a default protocol for control plane connection? 

A. IPsec 

B. HTTPS 

C. TLS 

D. DTLS 

Answer: D 

Explanation: 

Reference: 
https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/SD-WAN_Release_16.3/05S 
ecurity/O2Configuring_Security_ Parameters 


11.Which logs verify when a device was upgraded? 

A. Audit 

B. Email 

C. ACL 

D. SNMP 

Answer: A 

Explanation: 

Reference: 
https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_18.4/Monitor/Audit_Log 


12.Which command displays BFD session summary information per TLOC on vEdge routers? 

A. show bfd history 

B. show bfd summary 

C. show bfd sessions 

D. show bfd tloc-summary-list 

Answer: D 

Explanation: 

Reference: 
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/sdwan-cr-book_chapter_ 
0100.html 


13.Which Cisco SD-WAN WAN Edge platform supports LTE and Wi-Fi? 
A. vEdge2000 
B. ASR1001 
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C. CSR 1000v 

D. ISR 1101 

Answer: D 

Explanation: 

Reference: 
https://www.cisco.com/c/dam/en/us/products/collateral/routers/1000-series-integrated-services-routers-is 
r/q-and-a-c67-739639.pdf 


14.Which component of the Cisco SD-WAN control plane architecture facilitates the storage of certificates 
and configurations for network components? 

A. vSmart 

B. vBond 

C. WAN Edge 

D. vManage 

Answer: D 

Explanation: 

Reference: 
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/system-overview.h 
tml 


15.Which type of route advertisement of OMP can be verified? 

A. OMP, VPN. and origin 

B. Origin, TLOC, and VPN 

C. Origin, TLOC, and service 

D. OMP, TLOC and service 

Answer: D 

Explanation: 

Reference: 
https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-2.pdf#page=122 


16.Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN 
Edge design? 
A) 
vpn vpn-id 
router 
ospft 
area number 
range prefix/length 
B) 
vpn vpn-id 
router 
ospf 
max-metric 
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vpn vpn-id 
router 
ospf 
area number 
no-summary 
D) 
vpn vpn-id 
router 
ospf 
area number 
nssa 
no-summary 
A. Option A 
B. Option B 
C. Option C 
D. Option D 
Answer: B 


17.Which two services are critical for zero touch provisioning on-boarding? (Choose two) 

A. SNMP 

B. DNS 

C. DHCP 

D. AAA 

E. EMAIL 

Answer: B C 

Explanation: 

Reference: https://www.grandmetric.com/2020/03/23/zero-touch-provisioning-ztp-cisco-sd-wan-work/ 


18.Refer to the exhibit. 


PEER PEER CONTROLLER 
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC GROUP 
TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLICIP PORT LOCAL COLOR STATE 


UPTIME ID 


vbond dis - 0 0 132525 12346 132525 12346 gold connect 0 
vbond dis - 0 0 132525 12346 132525 12346 silver connect 0 


An engineer is troubleshooting a control connection Issue. 

What does "connect" mean in this how control connections output? 
A. Control connection is down 

B. Control connection is connected 

C. Control connection attempt is in progress 

D. Control connection is up 
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Answer: C 

Explanation: 

Reference: 
https://community.cisco.com/t5/networking-documents/sd-wan-routers-troubleshoot-control-connections/t 
a-p/3813237 


19.Which hardware component is involved in the Cisco SD-WAN authentication process for ISR 
platforms? 

A. TPMD 

B. ZTP 

C. TPC 

D. SUDI 

Answer: D 

Explanation: 

Reference: 
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-wan-edge-onboarding-deploy 
-guide-2020nov.pdf 


20.Which alarm setting is configured to monitor serious events that affect but do not shut down, the 
operation of a network function? 

A. Minor 

B. Major 

C. Medium 

D. Critical 

Answer: B 

Explanation: 

Reference: 
https://sdwan-docs.cisco.com/Product_Documentation/vManage_How-Tos/Troubleshooting/Monitor_Alar 
ms 


21.Refer to the exhibit. 


(x) BR1-VEDGE1 © 10.3.0.1 reachable vEdge Cloud 


What does the BFD value of 8 represent? 
A. number of BFD sessions 

B. hello timer of BFD session 

C. poll-interval of BFD session. 

D. dead timer of BFD session 

Answer: A 


22.How is the scalability of the vManage increased in Cisco SD-WAN Fabric? 
A. Increase licensing on the vManage 
B. Deploy multiple vManage controllers in a cluster 
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C. Deploy more than one vManage controllers on different physical server. 
D. Increase the bandwidth of the WAN link connected to the vManage 
Answer: B 


23.Which component of the Cisco SD-WAN control plane architecture should be located in a public 
Internet address space and facilitates NAT-traversal? 

A. vBond 

B. WAN Edge 

C. vSmart 

D. vManage 

Answer: A 

Explanation: 

Reference: 
https://www.cisco.com/c/dam/global/da_dk/assets/pdfs/cisco_virtual_update_cisco_sdwan_viptela .pdf 


24.Refer to the exhibit. 


policy 
policer ccnp 
rate 1000000 
burst 15000 
exceed drop 
| 
access-list acl-guest 
sequence 1 
match 


source-ip 172.16.10.0/24 
destination-ip 172.16.20.0/24 
destination-port 20 

protocol 6 


| 
action accept 
policer ccnp 
| 
| 
default-action drop 


Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on 
the vpn1 interface? 

A. AUDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted 

B. ATCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped 

C. A UDP packet souring from 172.16.10.1 and destined to 172.16.20.1 is dropped. 

D. ATCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted 

Answer: C 


